CloudFlare Security Incident

Namecheap takes security very seriously. As we were alerted to the CloudFlare memory leak security issue in the early hours of Friday 24th February, we immediately assembled a security task force to determine if the CloudFlare issue impacted any Namecheap users.

We are performing a very thorough investigation to ensure the safety of Namecheap users. The early results of our investigation show that no Namecheap user is affected as a result of the CloudFlare memory leak. However, our investigation continues and we will periodically update you as our investigation continues.

We also have initial confirmation from CloudFlare that we have not been affected.

How can CloudFlare affect Namecheap accounts?
Namecheap uses CloudFlare primarily as a CDN (content delivery network). CloudFlare’s network delivers the Namecheap website to our users around the globe. This means that CloudFlare’s service ‘sits in-front’ of the Namecheap website, as it does for the majority of large websites around the world. Theoretically, any of these large websites that use CloudFlare could be affected by this security bug.

What are Namecheap’s next steps?
The security task force we have assembled is working through this issue and performing a very thorough audit in how Namecheap uses CloudFlare. While our early investigation shows Namecheap users to be unaffected, we continue to investigate while talking to CloudFlare to ensure no other bugs or issues arise.

What do I need to do?
At this stage, nothing. We’ve got you covered and will update this blog post as our investigation continues. However, now is a timely opportunity to remind you to enable 2 Factor Authentication (2FA) across all of your Namecheap accounts if you have not already done so.